10832 matches found
USN-3835-1: Linux kernel vulnerabilities
Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. CVE-2018-17972 Jann Horn discovered that the mremap system...
USN-3834-2: Perl vulnerabilities
USN-3834-1 fixed a vulnerability in perl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Jayakrishna Menon discovered that Perl incorrectly handled Perlmysetenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of...
USN-3834-1: Perl vulnerabilities
Jayakrishna Menon discovered that Perl incorrectly handled Perlmysetenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-18311 Eiichi Tsukata discovered that Perl incorrectly handled certain regular expression...
USN-3833-1: Linux kernel (AWS) vulnerabilities
Jann Horn discovered that the Linux kernel mishandles mapping UID or GID ranges inside nested user namespaces in some situations. A local attacker could use this to bypass access controls on resources outside the namespace. CVE-2018-18955 Philipp Wendler discovered that the overlayfs implementati...
USN-3832-1: Linux kernel (AWS) vulnerabilities
Jann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. CVE-2018-17972 Jann Horn discovered that the mremap system...
USN-3795-3: libssh regression
USN-3795-1 and USN-3795-2 fixed a vulnerability in libssh. The upstream fix introduced a regression. This update fixes the problem. Original advisory details: Peter Winter-Smith discovered that libssh incorrectly handled authentication when being used as a server. A remote attacker could use this...
USN-3831-1: Ghostscript vulnerabilities
It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service...
USN-3830-1: OpenJDK regression
USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding classes in some situations. This update fixes the problem. We apologize for the inconvenience...
USN-3827-2: Samba vulnerabilities
USN-3827-1 fixed a vulnerability in samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Florian Stuelpner discovered that Samba incorrectly handled CNAME records. A remote attacker could use this issue to cause Samba to crash, resulting in a denia...
USN-3816-3: systemd regression
USN-3816-1 fixed vulnerabilities in systemd. The fix for CVE-2018-6954 caused a regression in systemd-tmpfiles when running Ubuntu inside a container on some older kernels. This issue only affected Ubuntu 16.04 LTS. In order to continue to support this configuration, the fixes for CVE-2018-6954...
USN-3829-1: Git vulnerabilities
It was discovered that Git incorrectly handled layers of tree objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2017-15298 It was discovered that Git incorrectly handled certain inputs. An attacker...
USN-3828-1: WebKitGTK+ vulnerabilities
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...
USN-3827-1: Samba vulnerabilities
Florian Stuelpner discovered that Samba incorrectly handled CNAME records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service. CVE-2018-14629 Alex MacCuish discovered that Samba incorrectly handled memory when configured to accept smart-card...
USN-3826-1: QEMU vulnerabilities
Daniel Shapira and Arash Tohidi discovered that QEMU incorrectly handled NE2000 device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2018-10839 It was discovered that QEMU incorrectly handled the Slirp networking back-en...
USN-3801-2: Firefox regressions
USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafte...
USN-3825-2: mod_perl vulnerability
USN-3825-1 fixed a vulnerability in modperl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Jan Ingvoldstad discovered that modperl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation....
USN-3825-1: mod_perl vulnerability
Jan Ingvoldstad discovered that modperl incorrectly handled configuration options to disable being used by unprivileged users, contrary to the documentation. A local attacker could possibly use this issue to execute arbitrary Perl code...
USN-3816-2: systemd vulnerability
USN-3816-1 fixed several vulnerabilities in systemd. However, the fix for CVE-2018-6954 was not sufficient. This update provides the remaining fixes. We apologize for the inconvenience. Original advisory details: Jann Horn discovered that unitdeserialize incorrectly handled status messages above ...
USN-3824-1: OpenJDK 7 vulnerabilities
It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...
USN-3817-2: Python vulnerabilities
USN-3817-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denia...
USN-3823-1: Linux kernel vulnerabilities
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault L1TF. A local attacker in a guest virtual machine could use this to expose sensitive...
USN-3822-2: Linux kernel (Trusty HWE) vulnerabilities
USN-3822-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the ...
USN-3822-1: Linux kernel vulnerabilities
Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the BP and OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service guest OS crash. CVE-2016-9588 It was discovered that the generic SCSI driver in the Linux kernel did...
USN-3820-3: Linux kernel (Azure) vulnerabilities
Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2018-15471 It was discovered that the generic SCSI...
USN-3821-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3821-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not...
USN-3821-1: Linux kernel vulnerabilities
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service system crash. CVE-2018-10880 It...
USN-3820-2: Linux kernel (HWE) vulnerabilities
USN-3820-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not...
USN-3819-1: Linux kernel vulnerability
Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...
USN-3820-1: Linux kernel vulnerabilities
Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2018-15471 It was discovered that the generic SCSI...
USN-3818-1: PostgreSQL vulnerability
It was discovered that PostgreSQL incorrectly handled certain trigger definitions when running pgupgrade or pgdump. A remote attacker could possibly use this issue to execute arbitrary SQL statements with superuser privileges...
USN-3817-1: Python vulnerabilities
It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2018-1000030 It was...
USN-3811-2: SpamAssassin vulnerability
USN-3811-1 fixed a vulnerability in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a deni...
USN-3814-3: ClamAV vulnerabilities
Updated: 2018-11-21: The embedded version of libmspack in ClamAV was found to not be affected by the listed vulnerabilities, therefore the following is not applicable. USN-3814-2 fixed several vulnerabilities in clamav. This update provides the corresponding update for Ubuntu 12.04 ESM. Original...
USN-3814-2: ClamAV vulnerabilities
Updated: 2018-11-21: The embedded version of libmspack in ClamAV was found to not be affected by the listed vulnerabilities, therefore the following is not applicable. USN-3814-1 fixed several vulnerabilities in libmspack. In Ubuntu 14.04 libmspack is included into ClamAV. This update provides th...
USN-3816-1: systemd vulnerabilities
Jann Horn discovered that unitdeserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. CVE-2018-15686 Jann Horn discovered a race condition in...
USN-3815-2: gettext vulnerability
USN-3815-1 fixed a vulnerability in gettext. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code...
USN-3815-1: gettext vulnerability
It was discovered that gettext incorrectly handled certain messages. An attacker could possibly use this issue to execute arbitrary code...
USN-3814-1: libmspack vulnerabilities
It was discovered libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. CVE-2018-18584, CVE-2018-18585...
USN-3813-1: pyOpenSSL vulnerabilities
It was discovered that pyOpenSSL incorrectly handled memory when handling X509 objects. A remote attacker could use this issue to cause pyOpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-1000807 It was discovered that pyOpenSSL incorrectly handled...
USN-3812-1: nginx vulnerabilities
It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. CVE-2018-16843 Gal...
USN-3811-1: SpamAssassin vulnerabilities
It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. CVE-2017-15705 It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use th...
USN-3810-1: ppp vulnerability
Ivan Gotovchits discovered that ppp incorrectly handled the EAP-TLS protocol. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly bypass authentication...
USN-3786-2: libxkbcommon vulnerabilities
USN-3786-1 fixed several vulnerabilities in libxkbcommon. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service...
USN-3809-1: OpenSSH vulnerabilities
Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10708 It was discovered that OpenSSH incorrectly handled certain requests. ...
USN-3808-1: Ruby vulnerabilities
It was discovered that Ruby incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to bypass the certificate check. CVE-2018-16395 It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...
USN-3807-1: NetworkManager vulnerability
Felix Wilhelm discovered that the NetworkManager internal DHCPv6 client incorrectly handled certain DHCPv6 messages. In non-default configurations where the internal DHCP client is enabled, an attacker on the same network could use this issue to cause NetworkManager to crash, resulting in a denia...
USN-3806-1: systemd vulnerability
Felix Wilhelm discovered that the systemd-networkd DHCPv6 client incorrectly handled certain DHCPv6 messages. In configurations where systemd-networkd is being used, an attacker on the same network could use this issue to cause systemd-networkd to crash, resulting in a denial of service, or...
USN-3805-2: curl vulnerability
USN-3805-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Brian Carpenter discovered that the curl command-line tool incorrectly handled error messages. A remote attacker could possibly use this issue to obtain sensiti...
USN-3805-1: curl vulnerabilities
Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-16839 Brian Carpenter discovered that curl incorrectly handled memory when...
USN-3804-1: OpenJDK vulnerabilities
It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...